Q. Electronic health records and electronic communications have associated risks. Could you provide some tips for managing those risks?
A. Medical information in an electronic health record (EHR) is subject to the same professional etiquette that governs traditional paper health records, including legal rules and ethics.
As more physicians embrace EHRs and communicate with patients via health portals (see the April 2 issue of ISMA Reports), more risks unique to EHRs can arise.
It’s a good idea for you to familiarize yourself with Indiana’s regulations on electronic communications. Find those here.
In addition, here are some suggestions to help minimize your risk.
- Ensure the confidentiality of patient information is protected by implementing a secure network for any type of e-communications.
- Obtain informed consent for online communication between patient and physician, including consent regarding the appropriate use and limitations of email communication. As with patient portals, have written protocols for online communication, such as response times and avoidance of electronic communications in emergencies.
- Detail steps for authenticating the identity of the correspondent(s) in e-communication and ensure recipients are authorized to receive the information. Avoid offering, promoting or encouraging patients to participate in online health care services where patient authorization is not addressed.
- Avoid sensitive subject matters such as mental health status, substance abuse, etc. in e-communications.
- Ensure computer systems are password protected and employ automated log-out technologies to avoid unauthorized access to patient-protected information.
- Incorporate online communication into the medical record. Email communications can be available on a computer’s hard drive even when the information is deleted, and the information may become discoverable in a malpractice suit.
- Use only credible and authorized sources, recommend experts. Physicians are responsible for information made available to patients online.
- Add a disclaimer if the practice’s website links to any third-party website/information. The disclaimer should advise patients and visitors they are leaving the practice’s website, and the practice does not assume responsibility for the linked website’s content or privacy.
Physicians insured by ProAssurance may contact our Risk Management department for prompt answers to liability questions by calling (800) 292-1036 or via email.